Update: Autopilot Companion based on Power Apps

Today I want to show you the updated Autopilot Companion Power App. Check out my initial post to learn about the basics of the Companion App, how it works and how it started: https://mikemdm.de/2023/04/08/autopilot-companion-app/

What has changed since the last version? The biggest change is the possibility to pre-assign a user the Autopilot Device. For more information check out the official docs: https://learn.microsoft.com/autopilot/tutorial/user-driven/azure-ad-join-assign-device-to-user?WT.mc_id=317638
You can find the new version on my GitHub repo: https://github.com/mmeierm/Autopilot-Companion/tree/main/PowerApp

Companion App

In the Device page you can now see, if a user is assigned, remove the assigned user or assign a new user to the device.

When you click on “Assign User” you will see a user search page, which allows you to search for the user UPN with a startswith filter to make it easier:

Power Automate

In the backend the Companion App now contains 10 Power Automate Flows:

All Flows were updated to the PowerApps (V2) connector to be future proof and support the new designer to make modifications easier.

Getting the Power App

Power App

First step to do is to import the Power App in https://make.powerapps.com/, this will create the Power App and also the Power Automate Flows

Select the downloaded .zip File from GitHub and start the import.

If everything went well, you should see the Companion PowerApp and the ten assigned Power Automate Flows created in your environment.

App Registration

If you already had the first version of the Companion App, you can skip this part and go directly to the Power Automate section: #PowerAutomate
First, we need to create an Azure App Registration to allow our App access Autopilot via Graph API. We can simply create a new App Registration, give it a name and go to the API Permissions

We need the following permissions as type Application assigned:

Last, we can now create the Client Secret, that we use in the Power Automate Flows, you can also create a Certificate based solution, but for this Blog to keep it easy I will show it with a Client Secret. Make sure you copy the Secret after creation, as we will need it later and you can view it after saving.

Power Automate

With the previously created App credentials we can now finally adjust the Flows to use our freshly created App Registration. We have to modify every flow, as it currently contains placeholders for the Credentials and also they are imported in a disabled state. First we locate the imported Flows in https://make.powerautomate.com/
We should find 10 imported Flows:

To modify the Credentials we need to have a look at every “HTTP” step in every Flow and change the Placeholders (Tenant ID, Client ID and Secret) with the appropriate values.

One special Flow is the “Get-RBAC-GroupTag”, in this we can change two additional Values, the first thing is the list of visible GroupTags for all Users in the “Initialize Variable” Step and also the Entra ID Group ID of a Group of Users that should see a different set of GroupTags in the “Set variable” step.

Once you modified the Flow, you have to turn it on in order to use it from the Power App:

Power App

At the first start of the App, you will be asked to allow access to “Office 365 User”, which is used to show the Profile Picture in the top left corner

Once this last step is done, you can now use your Autopilot Companion from the Browser or via the mobile PowerApps App.





4 responses to “Update: Autopilot Companion based on Power Apps”

  1. We are a school with around 1000 Clients and this solution allows us to activly envolve the students with the enrollment/deployment process for the primary school kids.

    Truly an amazing solution. Thank you so much.

  2. My first barcode scan on the box of a microsoft surface I get this error message. Any idea what im doing wrong? I updated all of the HTTP values from my app.

    Get-Autopilot-Devices.Run failed: {
    “error”: {
    “code”: 502,
    “source”: “unitedstates-002.azure-
    “message”: “BadGateway”,
    “innerError”: {
    “error”: {
    “code”: “NoResponse”,
    “message”: “The server did not receive a response from an upstream server. Request tracking id
    Get-RBAC-GroupTag. Run failed: {
    “error”: {
    “code”: 502,
    “source”: “unitedstates-002.azure-apim.net”,
    “message”: “BadGateway”,
    “innerError”: {
    “error”: {
    “code”: “NoResponse”
    “message”: “The server did not receive a response from an upstream server. Request tracking id

    1. Hi, please check the two failed flows (Get-Autopilot-Devices and Get-RBAC-GroupTag) in https://make.powerautomate.com/ to see why they fail. Check that the App credentials that you entered are valid and does for example not contain additonal spaces or CR. For the Flow “Get-RBAC-GroupTag” Flow make sure that the GroupID that is used in the HTTP Request (In the example “https://graph.microsoft.com/beta/groups/35a264fe-e19b-4ce7-afd4-67bd085cef7e/members”) matches a group in your EntraID, otherwise the request will fail with a “Bad request” error.

  3. […] Update: Autopilot Companion based on Power Apps […]

Leave a Reply

Your email address will not be published. Required fields are marked *